Smart Cards in Java Kerberos

Ostap Andrusiv pifostap at
Tue Jun 25 05:52:18 PDT 2013

Hi everyone,

I've been playing with smart cards and faced some issues.
Long story short:


   - I set up a basic Kerberos realm via Windows Active Directory.
   - I managed to successfully login into service via *login/password* pair
   using Java Kerberos(Krb5LoginModule), which is provided via JAAS.

Now I try to implement Kerberos login via smart card. Smart card
preauthentication in Kerberos is done via AS-REQ/AS-REP messages (
PA-PK-AS-REQ/P extensions). Unfortunately, JAAS Kerberos hasn't used the
smartcard. As far as I have seen, there were no PA-PK-AS-REQ/P extensions
in openjdk sources. Maybe, I missed something.


1. Does Java Kerberos support smart card preauthentication out of the box?

2. If it doesn't, can I somehow extends existing Kerberos module or should
I implement whole Kerberos from the ground up?

Thanks in advance,
Ostap Andrusiv

skype: ostap.andrusiv
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the security-dev mailing list